InQuest provides the ability to perform domain reputation lookups while examining potential threat events. Domain reputation provides valuable context for investigations and can heat or cool a threat score.

It is critical to have as much supporting information as possible when analyzing events. That is why InQuest maintains an aggregated domain reputation database curated from 44 publicly available feeds across 22 unique sources.

Latest InQuest™ Blog Posts

Base64 Encoded Powershell Pivots

Posted on 2019-07-19 by Pedram Amini

In this short post, we share a YARA rule that threat hunters will find valuable for identifying potentially malicious PowerShell pivots. Specifically, we'll be looking for base64-encoded PowerShell directives. Additionally, some interesting real-world samples will be shared with the reader.

InQuest™ Labs Research Spotlight

Boomerang Decompiler

A general, open-source, retargetable decompiler of machine code programs. The first release to include the new Capstone-based instruction decoders, and support for compiling on macOS.

APKtool

A tool for reverse engineering Android APK files. It can decode resources to nearly their original form and rebuild them after modifications, and it makes it possible to debug smali code step by step.

Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning.

Global Security Events

New Pervasive Worm Exploiting Linux Exim Server Vulnerability

There’s an active, ongoing campaign exploiting a widespread vulnerability in Linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiate a crypto miner.

SWEED: Exposing years of Agent Tesla campaigns

Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla.

Monroe College Hit With Ransomware, $2 Million Demanded

A ransomware attack at New York City's Monroe College has shut down the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. Reports indicate that the attackers are asking for 170 bitcoins in order to decrypt the entire college's network.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools.
Copyright © InQuest™ 2019